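#!/usr/bin/env bash

# Filename     :	create_ca_server.sh
# Last modified:	2024-11-16 12:12
# Version      :
# Author       : jack.zang
# Email        : jack.zang@aishangwei.net
# Description  : Create a local CA (ca.key / ca.crt) in the current directory
#                when ca.crt is absent, then issue a certificate for CN_NAME
#                signed by that CA.
# Usage: ( SUBJ="/C=CN/ST=HeNan/L=ZhengZhou/O=xiodi.cn/OU=edu/CN=" CN_NAME="client.xiodi.cn"; source <(curl -sL https://gitee.com/jack_zang/public-scripts/raw/master/shell/cert/create_ca_server.sh) )
#   SUBJ and CN_NAME are read when the script starts, so assign them before
#   sourcing it; values assigned afterwards have no effect.
#   Sourcing straight from a URL runs whatever that URL serves at that moment.
#   For anything beyond a throwaway lab CA, download the script, review it and
#   run the reviewed local copy.
# ******************************************************

# Subject prefix and certificate common name. The previous hard-coded values
# are kept as defaults; both can be overridden from the environment.
SUBJ="${SUBJ:-/C=CN/ST=HeNan/L=ZhengZhou/O=xiodi.cn/OU=edu/CN=}"
CN_NAME="${CN_NAME:-client.xiodi.cn}"

# Everything runs in a subshell so that `set -eu` and an early exit stop this
# script at the first failing openssl call without changing (or terminating)
# the calling shell when the file is sourced.
(
    set -eu

    # CN_NAME is used as a file name and as a command-line argument: reject
    # values that would escape the current directory or be read as an option.
    case "${CN_NAME}" in
        */* | -*)
            printf 'invalid CN_NAME: %s\n' "${CN_NAME}" >&2
            exit 1
            ;;
    esac

    if [ ! -f "ca.crt" ]; then
        # Generate the CA key and self-signed CA certificate.
        # umask 077 clears the group/other bits so the key is owner-only.
        # (The earlier `umask 0700` cleared the OWNER bits instead, leaving the
        # key unreadable by its owner and not restricted for anyone else.)
        # The key is written unencrypted: keep ca.key off shared hosts.
        (umask 077; openssl genrsa -out ca.key 2048)
        openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
            -subj "${SUBJ}ca.xiodi.cn"
    fi

    # Generate the private key for the certificate being issued.
    (umask 077; openssl genrsa -out "${CN_NAME}.key" 2048)

    # Generate the certificate signing request.
    openssl req -new -key "${CN_NAME}.key" -out "${CN_NAME}.csr" \
        -subj "${SUBJ}${CN_NAME}"

    # Sign the request with the CA.
    # -CAcreateserial keeps a serial file next to the CA certificate (ca.srl)
    # so each issued certificate gets its own serial number; a fixed
    # `-set_serial 01` gave every certificate from this CA the same serial,
    # which clients may reject and which makes revocation ambiguous.
    # NOTE(review): no subjectAltName is set; clients that ignore the CN for
    # host name checks will not accept this certificate for a host name.
    openssl x509 -req -days 3650 -in "${CN_NAME}.csr" \
        -CA ca.crt -CAkey ca.key -CAcreateserial -out "${CN_NAME}.crt"
)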